Back to the Future in Financial Risks of Banking - A Dimensional Test Approach Murthy Yerraguntla Srilatha Ganapati Vasu Nagendran N Infosys Limited (NASDAQ: INFY) Abstract Today’s banking world faces the toughest challenges than any industry and they must take calculated risks to outshine the competitors. Failure to balance between risks and profit results definite catastrophe in terms of financial liability, stakeholders wealth and trust. This is precisely why the Financial Risk Management and control has gained more prominence in the recent past. It has become one of the core disciplines to identify measure and monitor profile of the banks. Supervisory Committees such as Basel have been coming up with more rigorous control measures to safeguard the banks and stakeholders from the pangs of financial risk. Every financial player in the market must provide accurate and timely updates to the regulatory bodies and abide by the rules of compliance. In order to comply with this, banks rely upon software applications to generate reports and assure the risks are hedged appropriately. Testing plays a crucial role in ensuring that the various risks have been thoroughly analyzed and observations are reported to management. 2 Abstract (cont..) This tutorial highlights the progression in the profile of a tester during the implementation of Basel Accords. It envisages the potential role of QA during the implementation of Basel III Contents of the tutorial will elaborate on • Types of critical risks being encountered by Banks • Regulatory bodies like Basel Compliance (II & III) • Approaches to monitor risk (Standard, Internal and Advanced) • Various tests to analyze the risk appetite (Stress testing, Back testing) • Roles played by QA during the first 2 Basel Accords • Progression in the profile of QA during Basel II • Anticipated role of QA during Basel III • Best practices 3 Target Audience This tutorial can benefit: Test Managers : To comprehend the potential role of QA during Basel III implementation Test Leads/Engineers : To recognize the relevance of dimensional testing approach while validating the risk applications Beginners: To showcase how exciting the QA role in the field of risk is going to be in future -- 4 Outline of the Tutorial 5. Transformation of QA profile during Basel II (20 mins) 1. Scope of QA during Basel 2 2. QA Phases 1. Objective & Expectation (5 mins) 1. Objectives of the session 2. Expectation from Audience 2. Introduction of Financial Risk (15 mins) 1. Types of major Risks 2. Sub Categories of Risk and Measurement approaches 3. Major financial failures post Great depression 6. Anticipated Role of QA during Implementation of Basel III (15 mins) 1. Introduction to Basel Capital Accord III 2. QA with Key Objectives of Basel III 3. QA at the end of Basel III 3. Introduction to Basel and Role Of Quality Assurance (10 mins) 1. A brief history of Basel committee 2. Basel I Capital Accord 3. Basel II Capital Accord 7. Best Practices (15 mins) 1. Best Practices 8. Summarization (5 mins) 1. Quick Re-cap 4. Transformation of QA profile during Basel I (10 mins) 1. Scope of QA during Basel 1 2. QA Phases 9. Closure (10 mins) 1. Revisit the objectives 2. Q&A 5 Objectives, Expectations… Objectives of this session : Is to touch upon the concepts of risks and role of QA while validating the risk applications in the past, present and future… Your Expectations for this session are … 6 Introduction of Financial Risk Types of major Risks Sub-categories of Risk Major Bank Failures Types of major Risks Credit Risk: This is one of the risks which has been shattering the financial firms. Credit risk denotes the risk of default from the borrower’s end. The scenario or the event which would cause the borrower to default would be referred to as Credit event. Market Risk: This risk deals with the adverse price fluctuations and volatility of the markets. The earnings of a financial institution would become uncertain due to the changes in the market conditions. There are multiple factors which would cause this to happen such as changes in political scenario, interest rates, equity and FOREX prices etc., Operational Risk: Operational Risk is the occurrence of loss due to inadequate or failed internal processes, incorrect decisions made by the senior management, or from external events. It also includes the exposure to litigation from all aspects of a firm’s activities. 8 Sub Categories of Risk and Measurement approaches Risk Credit Risk Sub-Categories Measurement Approaches Default Risk • Standardized Approach • Internal Ratings Based Approach Spread Risk Legal And Compliant Risk Operational Risk • Basic Indicator approach • Standardized Approach • Internal Measurements Approach System Risk People Risk Interest Rate Risk Liquidity Risk Market Risk • Standardized Approach • Internal Model Approach (IMA) Forex Risk Equity Risk 9 Major Financial failures post Great Depression S.No Bank Year Reason 1 Herstatt crisis 1974 Herstatt risk 2 Savings and Loan crisis 1984 Slump in real estate market and lack of proper regulations 3 Sub-Prime Mortgage Crisis 2008 4 European Debt Crisis BFS-US SSDU Research 2009 – Till date Sudden slump in real estate market Unprecedented growth in the government debt levels Introduction to Basel and Role Of Quality Assurance A brief history of Basel Committee Basel I Capital Accord Basel II Capital Accord 11 Introduction to the Basel Accords Basel I (1988-2003) Minimum Capital Requirement Standardized Approach Minimum Reasons for failure Capital Basel II (2004 – Present) Enhancements to Basel I Three Pillars Internal Based Approaches Reasons for failure Supervisory Committee Market Discipline Foundation and Advanced Approaches Monitoring Risk Models Data transparency Credit, Market and Operational Risks Stress and VaR estimates Disclosures Fig 1 – Pillars of Basel II 12 Transformation of QA profile during Basel I Scope of QA during Basel 1 QA Phases Scope of QA during Basel 1 The following are the key areas of testing during Basel 1: • GUI applications which would compute Tier Capital , Regulatory Capital and the Adequacy ratio. • Systems which would ensure that the Credit Risk weightage is grouped into the appropriate buckets • Applications to compute Collateral and margin requirements • Applications which are designed to report the exposure limits to authorities • Data migration for the firms involving in Mergers and Acquisitions. Basel 1 compliance post migration had to be validated. 14 QA Phase 1 QA • Dedicated testing teams were formed • Test management was carried out in Excel • Testers were confined to black box manual testing predominantly Value Add • With the existing skillset of testers, their role was confined to GUI testing of risk applications which would compute Credit RWA parameters. • This validation was done using both Standardized and IRB approaches Limitation • Lack of proper estimation techniques • Lack of test management tool • Limited scope to do Root Cause Analysis 15 QA Phase 2 QA • Simple, Medium and Complex estimation Model • Test management tools • Testers were exposed to Data Base Testing Value Add • Business had means to make a budget forecast with estimation models handy • To ensure that risk ratings from external entities have been correctly loaded into Banks’ DB and the computations of capital were accurately done • Test Management tools proved to be handy for efficient defect management Limitation • Testers had only basic SQL knowledge • Advanced features of excel were not explored to support the testing activities • Automation was not yet in place for functional and GUI testing 16 QA Phase 3 QA Value Add Limitation • • • • The role of Excel as a data management tool was recognized globally Testers became proficient in handling the Database Licensed test management tool Adapt to new Test Life cycles • Back testing of Stress and VaR risk estimates could be validated by using excel • Test case preparation process had been accelerated due to the query generator templates • Automation tools significantly cut down the repetitive manual effort • • • • Advanced reporting was consuming lot of manual effort using Excel Time to market was significantly high Testers were confined to using excel formulae and formatting features The interaction between multiple entities was not established 17 Transformation of QA profile during Basel II Scope of QA during Basel 2 QA Phases QA Progression into Two dimensional Are we there yet??? Scope of QA during Basel 2 The following are the additional validations done on top of Basel 1: • Applications which would compute Operational and Market Risk charges using various approaches. • Systems to validate the efficiency of Internal risk models and Back testing • GUI applications to validate the disclosure content and reporting format • Validation of applications migrating to advanced DB versions and ensuring system is Basel 2 compliant post migration. 19 QA Phase 4 QA • • • • Testers had become conversant with the VBA scripting Testing was carried over in iterative phases using AGILE model Testers had been exposed to various DBs Interfacing between tools became the most happening phenomena Value Add • Time to Market due to AGILE model • The new risk estimates barging into the market due to the advancement in Statistical and Probabilistic models could be validated better Limitation • Validation of applications containing volumes of data proved to be a huge challenge with regards to the execution and reporting • Performance issue 20 QA Phase 5 QA • Data warehouse testing is considered as specialized testing • QA was involved in validating the data transformation as per the business rules • Performance and Load testing of GUI has started gaining prominence Value Add • Data volume issues have been addressed using DWH • Back end testing of the firms involved in the mergers & acquisitions was possible • Extra level of Data transformation validation Limitation • Across the testing phases, multiple vendors were involved in bits and pieces. No vendor had the complete information about the system from the business perspective 21 QA Phase 6 QA • • • • Test Centre of Excellence Business Intelligence Advanced ETL implementations Introduction to Cloud testing and Mobile banking • Vendors could offer one stop comprehensive solutions • Reports could be generated using tools in a customizable format Value Add 22 Are we there yet??? Will the testers be able to comment upon the efficiency of Backtesting implemented and make suggestions to the business? Will the firms involve QA in the business oriented discussions such as IRB Approaches to be followed (Foundation, Advanced) or the frequency of the Stress tests? Will QA be able to recommend efficient Stress and VaR scenarios to the firms? 23 Language of Business and QA Scenario 1 QA : Market Risk Charge is zero for some records in Source system Business : All the records reported are for historical data. Source is Basel1 compliant and VaR estimates will not be available. IMA implemented only after 1998. Scenario 2: QA :There are 100 mismatches in the Location field between Source and Target. Business : This is branch roll up which is common across OTC instruments. Not an issue. BAU BFS-US SSDU Research Anticipated Role of QA during Implementation of Basel III Introduction to Basel Capital Accord III QA with Key Objectives of Basel III QA at the end of Basel III Introduction to the Basel III Basel 3 (2012-2019) Enhancements to Basel II Areas of concerns Minimum Capital • Introduced new liquidity ratios and buffer components Supervisory Committee • More emphasis on Supervision and quality of stress and VaR models Fig 3 – Changes done to Basel II 26 Market Discipline • New disclosures added QA with Key Objectives of Basel III To ensure that the firms focus on their core areas and cut down the infrastructure costs To ensure that the Stress data is centralized and quality of the risk estimated are improved To ensure that the performance of the risk applications is up to the international standards and the system down time is significantly reduced To improve upon the quality of reporting To ensure that there are no reciprocating effects due to other policies such as Dodd-Frank, Solvency II, especially in case of US firms BFS-US SSDU Research QA at the end of Basel III Testing Technical Domain Business Tester 28 Best Practices Standard Templates Checklists Reuse Scripting knowledge Documentation Test Management Process Adherence Configuration Management Knowledge Management 29 Summarization Quick recap… Quick recap Introduction to Financial risk & categorization Basel I, II & III Progression of QA from Basel I to beginning of Basel III Best practices Tester’s profile in Basel III 31 Closure Did we meet the objectives? 32 References http://bis.org Infosys project experience Infosys resources (www.infosys.com) Q&A: Murthy_Yerraguntla@infosys.com, Srilatha_Vasu@infosys.com, Nagendrann@infosys.com 34